Oracle Enterprise Manager 13C has been introduced as a ‘single pane of glass’. Managing and monitoring all the assets, in or out of the public cloud.
But when creating an RDS- database instance in Amazon’s cloud, it is monitored by Cloudwatch, and it’s not possible to install a so-called Oracle Hybrid Cloud Agent to connect directly to the Oracle Management Service of OEM13c. Luckily there’s a plugin to connect with Cloudwatch. This article will cover the installation of this plugin and connection of OEM13 to the RDS database instance.
A few steps has to be taken:
– Download AWS plugin
– Download and install Amazon certificate (o.s. –level)
– Install plugin on OEM13C
– Gather connect endpoint-information from your RDS database-instance
– Configure the connection with the RDS database instance.
Download AWS plugin
Download the AWS plugin, not at edelivery.com, but at the old oracle/technet – site.
Beware of this sentence on that page.
“Have questions about this plugin? Oracle does not support this Plug-in, but community support is provided via the Oracle Enterprise Manager OTN Forum “
When downloaded, there’s no need to unzip the file.
Download and install Amazon certificate (o.s.-level)
Download from : https://rds.amazonaws.com/doc/rds-ssl-ca-cert.pem
Import in java store –> # keytool -import -noprompt -trustcacerts –alias amazonrds -file rds-ssl-ca-cert.pem –keystore <jdk-directory>/cacerts –storepass changeit
Where ‘changeit’ is the default password for the java-store, and ‘amazonrds’ a chosen name is.
Confirm if the certificate has been stored: –> keytool -list -keystore <jdk-directory>/cacerts | grep -i amazonrds
Install plugin on OEM13C
First the plugin has to be imported through EMCLI:
./emcli import_update -file=/home/oracle/scripts/22.214.171.124.0_oracle.em.aws_2000_0.zip –omslocal .
Deploy the plugin through OEM13C – plugin page (setup –> extensibility –> plugins) on Management server ánd Agent.
There’s a note involved:
– Deployment usually takes about 10 minutes to complete. During that time, all connected users will be disconnected from Enterprise Manager. Even though the confirmation page displays, clicking Show Status will display “This webpage is not available” while deployment of the plug-in progresses. –
Example screenshot while deploying at Management Agent.
O.k. It has been deployed:
Gather connect endpoint-information from your RDS database-instance
Information you need from Amazon:
– Security credentials (account –> Security credentials)
– Instance information (Services –> RDS –> DB Instances ).
And through the Availability Zone in the instance lookup the rds and cloudwatch (starts with monitoring…) endpoints in the following document:
Configure the connection with the RDS database instance through GUI
It should be able to configure the connection through the GUI, so I chose setup –> add target –> add target declarative.
Choose the AWS connection in the following screen:
In the next screen you’ll need to fill in all the information you gathered from the Amazon site regarding keys, endpoints etc:
But…. while editing this form, I keep getting the error ‘Passwords do not match’ (and they really do !)…..
So.. back to EMCLI.
Configure the connection with the RDS database instance through commandline
./emcli login -username=sysman -password=sysman_password
./emcli add_target -name=”<target_name>” -type=”AmazonRDSService” -host=”<host>” -properties=”RDS_BaseURI=<RDS_BaseURI>;BaseURI=<BaseURI>;InstanceId=<instanceid>;Period=300″ -subseparator=properties=”=“
./emcli set_monitoring_credential -set_name=”AWSKeyCredentialSet” -target_name=”<target_name>” -target_type=”AmazonRDSService” -cred_type=”AWSKeyCredential” -attributes=”AccessKeyId:<Access_key>;SecretKey:<secret_key>“
./emcli set_monitoring_credential -set_name=”SSLTrustStoreCredentialSet” -target_name=”<target_name>” -target_type=”AmazonRDSService” -cred_type=”StoreCredential” -attributes=”StoreLocation: <jdk-directory>\cocacerts;StoreType:JKS;StorePassword:<storepassword>”
- target_name is the name you will see in OEM – chosen name.
- host is the host running the Management Agent, probably the same as your OMS host.
- RDS_BaseURI is from the information gathered from AWS, depending on the availability zone (start with rds…)
- BaseURI is from the information gathered from AWS, depending on the availability zone (starts with monitoring…)
- Instancename is the RDS Instance Name
- Access_key is the key provided when setting up your Amazon account (security credentials)
- Secret_key is the key provided when setting up your Amazon account (security credentials)
- Storepassword is default ‘changeit’.
In the list of OEM13C targets you should see the Amazon RDS service popping up:
Clicking on this you will get the information page of the RDS instance in OEM13C.
Download AWS plugin: http://www.oracle.com/technetwork/oem/grid-control/downloads/oem-aws-plugin-1852739.html
Download Amazon certificate: https://rds.amazonaws.com/doc/rds-ssl-ca-cert.pem
Amazon Endpoint information: http://docs.aws.amazon.com/general/latest/gr/rande.html#cw_region
Lazy DBA blog: http://oemcloud.blogspot.nl/2013/07/getting-oracle-enterprise-manager-cloud.html